Verification of a Domain Validation (DV) certificate
By default, TLS certificates with domain DV authentication are authenticated via email sent to the authenticated domain. If your domain has no email and you cannot deliver the email, you can use an alternative certificate verification option. Alternative domain certificate verification can be done via DNS record or uploaded to an FTP file for verification.
This verification procedure applies to the following TLS certificates:
Verification via verification email
The TLS certificate verification process consists of the given certification authority sending an email message to the preselected domain email from the TLS certificate request (admin, administrator, hostmaster, webmaster, postmaster).
In the email message, it is necessary to go through the certification authority’s website link and confirm the order with the button "I Approve".
Setting up the email for domain validation using TXT record
You have the option to add your own email address to the TXT records of the verified domain and use that address for validation. This feature extends domain validation by email (DCV) with any email you define in your domain's DNS.
For the validated domain, create the subdomain _validation-contactemail in the TXT records and use the email address you want to use for validation as its destination. The record in the DNS zone looks like this:
_validation-contactemail.domain.com IN TXT joe@gmail.com
After extending the DNS record, DigiCert loads the email address and sends there the DCV approver for the verified domain (as well as to the 5 standard addresses).
If you do not receive the confirmation email (please check your spam), please contact us.
Alternative verification
Alternative DV certificate authentication can be used if the domain does not have an active email service or mailboxes used by the authentication authority.
Creating a DNS TXT record
For DNS verification of the domain, it is necessary to create a DNS record of the TXT type in the authenticated domain’s zone file. You can find this option in your registrar's domain administration, where you can set up DNS records. The data for creating a TXT record will be listed in the certificate order detail and are unique to each order. You will put the already prepared records into DNS, which we will show you. In principle, this is to set a unique text in the TXT record to the _dnsauth subdomain.
An example DNS record for DNS domain verification:
_dnsauth.sslmarket.com. 3600 IN TXT pyzm2vngxyfgwbh5d04n7j9nl4zrp51v
The authority will then check the TXT record in the DNS domain at regular intervals. If the TXT record is correct, it will confirm the certificate order and issue it, both will be done automatically. You will no longer have to wait for a confirmation email.
Verification by file uploaded to FTP
The file to be used for verification can be downloaded from the SSL/TLS certificate order detail. Its unique content is given by the authority and is unique to your order.
Download the fileauth.txt file (plain text) from the SSLMarket administration and upload it to the /.well-known/pki-validation/ (FTP) folder. Make sure that the file is accessible to the visitor and is not restricted, for example, by the .htaccess file.
The authority will automatically check the file's presence and content at regular intervals. Once it is found, it will confirm the certificate order and it will be issued.
The verification process is completed after manual (verification e-mail) or automatic (DNS record and FTP file) confirmation. The generated SSL/TLS certificate is then sent to the technical contact email, or you can obtain it at any time by logging into your customer account.
